Black Hat is always chaos. So many people to see, so many new products, but sometimes you get a chance to sit down and talk about issues that are affecting companies now. Enterprise Times was lucky enough to catch up with Sameer Dixit, Vice President, Security Consulting at Spirent Communications, and Aleksander Gorkowienko, Managing Consultant and Head of UK Security Labs at Spirent Communications.
We started by talking about one of the big issues from the last two years – how do we make DevSecOps work? It is a subject that seems to confuse vendors and businesses equally. Part of the problem lies in the perception of what is required and in resolving the different world views of Security and everyone else.
Both Dixit and Gorkowienko say we need to stop looking at it in terms of alignment and culture clash. Dixit says the better question is: “how do we get DevSecOps without friction?” At the heart of his question is removing the blame game. As he says, nobody sets out to write bad code. The problem is that developers were not taught how to write secure code. It is arguable that many are still not taught this. Rather than seeing security's job as putting in tests and checks, a better use of security teams' time is educating developers.
Productivity and agility are also challenges. The speed with which we want code delivered today works against testing processes. This, again, is where Dixit believes better education of developers by security is the solution.
To hear what else Dixit and Gorkowienko had to say, listen to the podcast.
Where can I get it?
obtain it for Android devices from play.google.com/music/podcasts
use the Enterprise Times page on Stitcher
listen to the Enterprise Times channel on Soundcloud
listen to the podcast (below) or download the podcast to your local device and then listen there